CVE-2021-25927
In short
A flaw in the 'safe-flat' package allows attackers to inject malicious properties into JavaScript objects, potentially crashing the application or executing unwanted code.
Technical detail
Prototype pollution vulnerability in safe-flat 2.0.0-2.0.1 permits attackers to manipulate object prototypes through specially crafted input, resulting in denial of service and potential remote code execution depending on the application context.
Summary generated and translated by AI from the official description.
Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.
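The bug class described above, shown as an added example that is not safe-flat's own code: a generic helper that expands delimiter-separated keys into nested objects, first in the vulnerable form and then hardened. The function names and the sample input are assumptions made for illustration.

```javascript
// Added illustration of the bug class; hypothetical names, not safe-flat's code.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Vulnerable pattern: every path segment is trusted, so "__proto__"
// walks from the result object onto the shared Object.prototype.
function unflattenUnsafe(flat, delimiter = '.') {
  const out = {};
  for (const [path, value] of Object.entries(flat)) {
    const keys = path.split(delimiter);
    let node = out;
    for (const key of keys.slice(0, -1)) {
      if (typeof node[key] !== 'object' || node[key] === null) node[key] = {};
      node = node[key];
    }
    node[keys[keys.length - 1]] = value;
  }
  return out;
}

// Hardened pattern: reject prototype-reaching segments, build on
// null-prototype objects, and only descend into own properties.
function unflattenSafe(flat, delimiter = '.') {
  const out = Object.create(null);
  for (const [path, value] of Object.entries(flat)) {
    const keys = path.split(delimiter);
    if (keys.some((k) => BLOCKED_KEYS.has(k))) {
      throw new TypeError(`unsafe key path rejected: ${path}`);
    }
    let node = out;
    for (const key of keys.slice(0, -1)) {
      const own = Object.prototype.hasOwnProperty.call(node, key);
      if (!own || typeof node[key] !== 'object' || node[key] === null) {
        node[key] = Object.create(null);
      }
      node = node[key];
    }
    node[keys[keys.length - 1]] = value;
  }
  return out;
}

// Runs an unflatten function on constructed input, reports pollution, cleans up.
function pollutes(unflatten) {
  const input = JSON.parse('{"__proto__.polluted": "yes", "user.name": "a"}');
  try { unflatten(input); } catch (err) { /* input was rejected */ }
  const hit = ({}).polluted === 'yes';
  delete Object.prototype.polluted;
  return hit;
}
```

`pollutes(unflattenUnsafe)` returns `true` and `pollutes(unflattenSafe)` returns `false`; the same check works as a regression test for any key-expanding helper an application uses on untrusted input.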
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · safe-flat